*** NetKeeper 8.540 Release ***

Total number of signatures: 3049

Signature update 8.540 is for NetKeeper series devices.
NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Different from the version 8.538

*** Modify 314 Rules:
--------------------------------------------------------------------
1056234 WEB PHP Arbitrary Code Injection -5.a
1056706 WEB Novell ZENworks Configuration Management Multiple Directory Traversals
1058626 WEB Generic XXE Information Disclosure -1
1058627 WEB Generic XXE Information Disclosure -2
1132543 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -1.h
1150001 SIP Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow -G (CVE-2012-1184)
1150061 EXPLOIT HP OpenView Network Node Manager OvJavaLocale Buffer Overflow (CVE-2010-2709)
1150116 WEB-CLIENT Microsoft Internet Explorer 8 Developer Tools Remote Code Execution -A (CVE-2010-0811)
1150136 SMTP Multiple Products STARTTLS Plaintext Command Injection (CVE-2011-0411)
1150190 WEB-CLIENT Microsoft Internet Explorer 8 Developer Tools Remote Code Execution -B (CVE-2010-0811)
1150408 EXPLOIT Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow -C (CVE-2011-0334)
1150409 SCADA Sielco Sistemi Winlog Buffer Overflow (CVE-2011-0517)
1133215 EXPLOIT Generic HTML Threat -29
1133174 WEB-CLIENT Microsoft Internet Explorer and Edge Scripting Engine CVE-2016-3382 Type Confusion -1 (CVE-2016-3382)
1133458 WEB-CLIENT JavaScript Heap Exploitation -3
1133189 MISC Bitcoin/LiteCoin/Dogecoin Mining Activity -2
1055432 WEB Apache Struts 2 OGNL Script Injection -1
1056488 WEB PHP Arbitrary Code Injection -6.a
1130507 WEB Remote Command Execution via Python -1.a
1054838 WEB Local File Inclusion win.ini -1
1059426 EXPLOIT Generic HTML Threat -16
1059418 SSH Brute Force Login
1133407 WEB Brute Force Login -1
1056521 IMAP Service Multiple Commands Buffer Overflow - 3
1064162 IM QQ/TM login via UDP -1
1053222 IM QQ/TM login via UDP -2
1053432 IM QQ/TM login via UDP -3
1064373 IM QQ/TM login via UDP -4
1053656 IM QQ/TM login via UDP -5
1064192 IM QQ/TM login via TCP -2
1052032 IM QQ/TM login via TCP -4
1064372 IM QQ/TM login via TCP -5
1052835 IM QQ/TM login via TCP -11
1052836 IM QQ/TM login via TCP -12
1052057 IM QQ/TM transfer via UDP -1
1052059 IM QQ/TM transfer via UDP -2
1052622 IM QQ/TM transfer via UDP -4
1052838 IM QQ/TM transfer via UDP -6
1053423 IM QQ/TM transfer via UDP -7
1063455 IM QQ/TM transfer via UDP -8
1063483 IM QQ/TM transfer via UDP -9
1052056 IM QQ/TM transfer via TCP -1
1063456 IM QQ/TM transfer via TCP -5
1065535 IM QQ/TM transfer via TCP -6
1052062 IM QQ/TM media-audio via TCP -1
1067543 IM QQ/TM media-audio via TCP -2
1067580 IM QQ/TM media-video via UDP -1
1067544 IM QQ/TM media-video via TCP -1
1067851 IM QQ/TM media via UDP -1
1051873 IM Rediff BOL login via TCP -1
1052034 IM Rediff BOL login via TCP -2
1052607 IM Rediff BOL login via TCP -3
1051874 IM Rediff BOL communicate via TCP -1
1051877 IM Rediff BOL communicate via TCP -2
1051875 IM Rediff BOL transfer via TCP -1
1051876 IM Rediff BOL media-audio via TCP -1
1052603 IM Gadu-Gadu login via TCP -1
1053205 IM Gadu-Gadu login via TCP -2
1160102 IM Gadu-Gadu access via SSL -1
1053196 IM Wlt login via TCP -1
1053199 IM Paltalk login via TCP -1
1064406 IM Paltalk login via TCP -2
1053228 IM Jabber-UcTalk/UTGame login via UDP -1
1053447 IM Jabber-UcTalk/UTGame login via UDP -4
1053624 IM Jabber-UcTalk/UTGame login via UDP -3
1053198 IM Jabber-UcTalk/UTGame login via UDP -5
1053268 IM Jabber-UcTalk/UTGame login via TCP -2
1063432 IM Jaber-UcTalk/UTGame transfer via TCP -1
1063431 IM Jaber-UcTalk/UTGame media-video via TCP -1
1063430 IM Jaber-UcTalk/UTGame media-audio via TCP -1
1053218 IM WinpopupX login via UDP -1
1053221 IM Pidgin access via TCP -1
1053461 IM Caihong login via TCP -1
1053701 IM Digsby login via TCP -1
1063587 IM Digsby login via TCP -2
1064063 IM Digsby login via TCP -3
1053641 IM Fetion login via SSL -1
1053872 IM Fetion login via SSL -2
1061816 IM Fetion login via TCP -3
1063392 IM Fetion login via TCP -4
1063393 IM Fetion login via TCP -5
1067142 IM Fetion login via TCP -6
1053609 IM Fetion communicate via TCP -1
1053645 IM Fetion communicate via TCP -2
1053643 IM Fetion transfer via TCP -1
1053644 IM Fetion transfer via TCP -2
1063499 IM Fetion transfer via TCP -3
1066388 IM Fetion transfer via TCP -4
1067143 IM Fetion transfer via TCP -5
1053650 IM Fetion media-audio via TCP -1
1063395 IM Fetion media-video via TCP -3
1063394 IM Fetion media-audio via TCP -2
1067144 IM Fetion media-video via TCP -4
1053702 IM Heyyo login via TCP -1
1053708 IM Alicall login via UDP -1
1053709 IM Alicall login via TCP -1
1064020 IM Alicall login via TCP -2
1064021 IM Alicall login via TCP -3
1066057 IM Alicall login via TCP -4
1066058 IM Alicall access via TCP -1
1066059 IM Alicall access via TCP -2
1053367 P2P BT-BitComet transfer via TCP -1
1064191 P2P BT-BitComet transfer via TCP -2
1063205 P2P BT-BitComet connect via TCP -1
1054152 P2P BT-Vuze communicate via TCP -1
1054153 P2P BT-Vuze communicate via TCP -2
1061739 P2P BT-Vuze communicate via TCP -3
1065710 P2P BT-Vuze communicate via TCP -4
1063290 P2P BT-Vuze communicate via UDP -2
1063225 P2P BT-BitSpirit access via TCP -1
1051213 P2P DirectConnect transfer via TCP -1
1051900 P2P DirectConnect $Supports access via TCP -1
1051901 P2P DirectConnect access via TCP -1
1051685 P2P eDonkey login server via TCP -1
1051998 P2P eDonkey Hello communicate via TCP -1
1052024 P2P eDonkey Request parts communicate via TCP -1
1052058 P2P eDonkey Hello answer communicate via TCP -2
1063211 P2P eDonkey-eMule/Vagaa Version Check via TCP -1
1052887 P2P eDonkey-easyMule access via UDP -1
1061726 P2P eDonkey-easyMule access via UDP -2
1061727 P2P eDonkey-easyMule access via UDP -3
1053225 P2P eDonkey-easyMule access via TCP -1
1061710 P2P eDonkey-easyMule access via TCP -2
1064188 P2P eDonkey-easyMule access via SSL -1
1052694 P2P Vagaa transfer via TCP -1
1052692 P2P Vagaa access via UDP -1
1052693 P2P Vagaa access via UDP -2
1051904 P2P FastTrack ping communicate via UDP -1
1051254 P2P FastTrack transfer via TCP -1
1052734 P2P FastTrack transfer via TCP -2
1053907 P2P Gnutella-Foxy transfer via UDP-1
1052637 P2P Gnutella-Foxy communicate via TCP-1
1053426 P2P Gnutella-Foxy communicate via TCP-4
1063215 P2P Gnutella-Foxy communicate via TCP-5
1051785 P2P Gnutella ping communicate via UDP -1
1052039 P2P Gnutella communicate via TCP -1
1051212 P2P Gnutella transfer via TCP -1
1052833 P2P Gnutella transfer via UDP -1
1051783 P2P Gnutella connect via TCP -1
1063224 P2P Thunder Series Version Check via TCP -1
1052292 P2P Thunder transfer via TCP -2
1052681 P2P Thunder transfer via TCP -3
1052684 P2P Thunder transfer via TCP -4
1052808 P2P Thunder transfer via TCP -5
1052881 P2P Thunder transfer via TCP -6
1067612 P2P Thunder transfer via TCP -7
1067740 P2P Thunder transfer via TCP -8
1053017 P2P Thunder transfer via TCP -9
1068063 P2P Thunder transfer via TCP -11
1053296 P2P Thunder access via TCP -1
1053297 P2P Thunder access via TCP -2
1053298 P2P Thunder access via TCP -3
1053299 P2P Thunder access via TCP -4
1066232 P2P Thunder access via TCP -5
1065491 P2P QQDownload transfer via UDP -1
1061635 P2P QQDownload transfer via TCP -1
1053449 P2P QQDownload transfer via TCP -2
1061637 P2P QQDownload transfer via TCP -3
1053877 P2P QQDownload transfer via TCP -4
1063433 P2P QQDownload transfer via TCP -5
1065490 P2P QQDownload transfer via TCP -6
1065492 P2P QQDownload transfer via TCP -7
1067272 P2P QQDownload access via TCP -1
1065503 P2P Ares media via TCP -3
1052994 P2P Ares access via UDP -1
1053862 P2P Ares access via UDP -2
1054147 P2P Ares access via UDP -3
1052993 P2P Ares access via TCP -2
1054145 P2P Ares access via TCP -3
1065502 P2P Ares access via TCP -4
1069104 P2P Ares access via TCP -5
1052093 VOIP NetMeeting whiteboard service access via TCP -1
1051701 TUNNEL VNN Client login via UDP -1
1052857 TUNNEL VNN Client login via UDP -2
1053310 TUNNEL VNN Client login via TCP -1
1064399 TUNNEL VNN Client login via TCP -2
1067436 TUNNEL VNN Client login via TCP -3
1052290 TUNNEL TinyVPN login via TCP -1
1052668 TUNNEL Ping Tunnel connect via ICMP -1
1053830 TUNNEL Freegate login via UDP -1
1064000 TUNNEL Freegate login via UDP -2
1064377 TUNNEL Freegate login via UDP -3
1064378 TUNNEL Freegate login via UDP -4
1064983 TUNNEL Freegate login via UDP -5
1064984 TUNNEL Freegate login via UDP -6
1064985 TUNNEL Freegate login via UDP -7
1064986 TUNNEL Freegate login via UDP -8
1065834 TUNNEL Freegate login via UDP -9
1053831 TUNNEL Freegate login via TCP -1
1053832 TUNNEL Freegate login via TCP -2
1053836 TUNNEL Freegate login via TCP -3
1061780 TUNNEL Freegate login via TCP -4
1053869 AP State - TUNNEL Freegate http request fragment evasion 0-1
1061806 AP State Flow- TUNNEL Freegate http request fragment evasion 1-F/Flow
1053043 TUNNEL HTTP Proxy Server communicate via TCP -1
1063364 MEDIA TudouVa communicate via TCP -1
1063365 MEDIA TudouVa communicate via TCP -2
1066068 MEDIA TudouVa communicate via TCP -3
1051825 MEDIA Windows Media Player media via TCP -2
1051826 MEDIA Windows Media Player media via TCP -3
1051827 MEDIA Windows Media Player media via TCP -4
1052918 MEDIA Windows Media Player media via TCP -5
1050958 MAIL POP3 User login via TCP -1
1050957 MAIL POP3 PASS communicate via TCP -1
1050714 MAIL IMAP4 login via TCP -1
1063543 MAIL Pchome login via SSL -1
1053229 GAME Sina Web login via TCP -1
1063390 GAME Sina Web login via TCP -2
1053249 GAME WoW login via TCP -1
1061734 GAME WOW login via TCP -2
1063356 GAME WoW communicate via TCP -2
1068889 GAME WOW transfer via TCP -1
1049071 TERMINAL PCAnywhere server response access via UDP -1
1049016 TERMINAL PCAnywhere Attempted Administrator login via TCP -1
1049021 TERMINAL PCAnywhere Failed login via TCP -1
1052108 TERMINAL PcAnywhere Access Port-5631 connect via TCP -1
1053409 TERMINAL PCAnywhere connect via TCP -1
1067737 TERMINAL pcAnywhere connect via TCP -2
1068745 TERMINAL MS RDP communicate via UDP -1
1060229 TERMINAL MS RDP communicate via TCP -1
1068268 TERMINAL MS RDP communicate via TCP -2
1068269 TERMINAL MS RDP communicate via TCP -3
1063517 NETWORK Multicast DNS query access via UDP -1
1063584 NETWORK UPnP access via UDP -1
1063585 NETWORK UPnP access via UDP -2
1063586 NETWORK UPnP access via TCP -1
1052849 NETWORK NETBIOS SMB Empty Password Failed access via TCP -1
1064054 NETWORK SNMP public access UDP -1
1064055 NETWORK SNMP public access TCP -1
1064056 NETWORK SNMP private access UDP -1
1064057 NETWORK SNMP private access via TCP -1
1048972 NETWORK Photuris (Authentication Failed) connect via ICMP -1
1048891 NETWORK icmpenum v1.1.1 via ICMP -1
1048893 NETWORK redirect net via ICMP -1
1049008 NETWORK Large ICMP Packet via ICMP -1
1048892 NETWORK redirect host connect via ICMP -1
1048897 NETWORK Source Quench connect via ICMP -1
1048925 NETWORK PING connect via ICMP -1
1048926 NETWORK traceroute connect via ICMP -1
1048927 NETWORK Address Mask Reply connect via ICMP -1
1048929 NETWORK Address Mask Request connect via ICMP -1
1048931 NETWORK Alternate Host Address connect via ICMP -1
1048933 NETWORK Datagram Conversion Error connect via ICMP -1
1048904 NETWORK Destination Unreachable connect via ICMP -1
1048905 NETWORK Destination Unreachable connect via ICMP -2
1048906 NETWORK Destination Unreachable connect via ICMP -3
1048935 NETWORK Destination Unreachable connect via ICMP -4
1048936 NETWORK Destination Unreachable connect via ICMP -5
1048937 NETWORK Destination Unreachable connect via ICMP -6
1048938 NETWORK Destination Unreachable connect via ICMP -7
1048939 NETWORK Destination Unreachable connect via ICMP -8
1048940 NETWORK Destination Unreachable connect via ICMP -9
1048941 NETWORK Destination Unreachable connect via ICMP -10
1048942 NETWORK Destination Unreachable connect via ICMP -11
1048943 NETWORK Destination Unreachable connect via ICMP -12
1048944 NETWORK Destination Unreachable connect via ICMP -13
1048945 NETWORK Destination Unreachable connect via ICMP -14
1048946 NETWORK Destination Unreachable connect via ICMP -15
1048947 NETWORK Destination Unreachable connect via ICMP -16
1048951 NETWORK Fragment Reassembly Time Exceeded connect via ICMP -1
1048956 NETWORK Information Reply connect via ICMP -1
1048958 NETWORK Information Request connect via ICMP -1
1048960 NETWORK Mobile Host Redirect connect via ICMP -1
1048962 NETWORK Mobile Registration Reply connect via ICMP -1
1048964 NETWORK Mobile Registration Request connect via ICMP -1
1048966 NETWORK Parameter Problem (Bad Length) connect via ICMP -1
1048967 NETWORK Parameter Problem (Missing a Requiered Option) connect via ICMP -1
1048968 NETWORK Parameter Problem (Unspecified Error) connect via ICMP -1
1048970 NETWORK Photuris (Reserved) connect via ICMP -1
1048971 NETWORK Photuris (Unknown Security Parameters Index) connect via ICMP -1
1048973 NETWORK Photuris (Decryption Failed) connect via ICMP -1
1048975 NETWORK Redirect (for TOS and Host) connect via ICMP -1
1048976 NETWORK Redirect (for TOS and Network) connect via ICMP -1
1048978 NETWORK Reserved for Security (Type 19) connect via ICMP -1
1048980 NETWORK Router Advertisement connect via ICMP -1
1048981 NETWORK Router Selection connect via ICMP -1
1048982 NETWORK SKIP connect via ICMP -1
1048985 NETWORK Time-To-Live Exceeded in Transit connect via ICMP -1
1048987 NETWORK Timestamp Reply connect via ICMP -1
1048989 NETWORK Timestamp Request connect via ICMP -1
1048991 NETWORK Traceroute ipopts connect via ICMP -1
1050288 NETWORK source route - lsrr connect via ICMP -1
1050290 NETWORK sourceroute-ssrr connect via ICMP -1
1053195 MEDIA FLV file media via TCP -1
1053273 MEDIA FLV file media via TCP -2
1052582 MEDIA MP3 file media via TCP -1
1067741 MEDIA MP3 file media via TCP -2
1068327 MEDIA WebStreaming mkv media via TCP -1
1068328 MEDIA WebStreaming mkv media via TCP -2
1061777 MEDIA WebStreaming audio media via TCP -1
1062439 MEDIA WebStreaming video media via TCP -1
1063544 WEB RSS access via TCP -1
1051738 WEB ActiveX Control transfer via TCP -1
1052080 WEB ActiveX Control transfer via TCP -2
1052081 WEB ActiveX Control transfer via TCP -3
1052082 WEB ActiveX Control transfer via TCP -4
1051820 WEB Java Applet transfer via TCP -1
1051821 WEB Java Applet transfer via TCP -2
1051870 WEB Java Applet transfer via TCP -3
1065784 WEB Yahoo Slurp crawler access via TCP -1
1065787 WEB Microsoft bingbot crawler access via TCP -1
1065788 WEB Googlebot crawler access via TCP -1
1065789 WEB Googlebot crawler access via TCP -2
1065790 WEB Googlebot crawler access via TCP -3
1065791 WEB Abot crawler access via TCP -1
1065792 WEB HTTrack crawler access via TCP -1
1065793 WEB Win Web Crawler access via TCP -1
1065794 WEB ZoomSpider crawler access via TCP -1
1069622 WEB HTTP access via TCP -3
1050955 FILE FTP User login via TCP -1
1050956 FILE FTP PASS command communicate via TCP -1
1050946 FILE FTP transfer-upload via TCP -1
1050947 FILE FTP transfer-download via TCP -1
1080019 SG - TUNNEL Freegate login via TCP/UDP

Add 83 Rules:
--------------------------------------------------------------------
1133500 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -1.u
1133517 EXPLOIT Generic HTML Threat -30
1133515 WEB PHP Arbitrary Code Injection -6.x
1133498 WEB Remote Command Execution via Shell Script -1.x
1133495 WEB Generic Shellcode Obfuscation -1
1133514 WEB PHP Arbitrary Code Injection -5.x
1133499 WEB NULL-Byte Injection -7
1133502 VIRUS Eicar test string -5
1133466 WEB-CLIENT Microsoft Browser Memory Corruption Vulnerability (CVE-2017-0037)
1133491 FILE Adobe Acrobat ImageConversion JPEG Heap-based Buffer Overflow (CVE-2017-2959)
1133503 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
1133504 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015)
1133505 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067)
1133506 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-00141)
1133518 WEB-CLIENT Microsoft Edge document.domain Same Origin Policy Bypass -1 (CVE-2017-0002)
1133519 WEB-CLIENT Microsoft Edge document.domain Same Origin Policy Bypass -2 (CVE-2017-0002)
1133520 SMB Microsoft Windows LSASS Authentication Denial of Service -1 (CVE-2017-0004)
1133521 SMB Microsoft Windows LSASS Authentication Denial of Service -2 (CVE-2017-0004)
1133522 SMB Microsoft Windows LSASS Authentication Denial of Service -3 (CVE-2017-0004)
1133494 WEB-CLIENT Microsoft Internet Explorer Scripting Engine Memory Corruption -2 (CVE-2016-3385)
1133496 TELNET DBLTek GoIP Backdoor Access
1133507 WEB-CLIENT Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018)
1133508 WEB-CLIENT Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154)
1133516 WEB Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
1133492 EXPLOIT Tarantool xrow_header_decode Out of Bounds Read (CVE-2016-9037)
1133493 WEB HPE Operations Orchestration Insecure Deserialization (CVE-2016-8519)
1133524 WEB-CLIENT Browser WebKit Exploit Remote code execution -1 (CVE-2016-4657)
1133525 WEB-CLIENT Browser WebKit Exploit Remote code execution -2 (CVE-2016-4657)
1133513 WEB IBM Lotus Domino Multiple Cross Site Scripting Vulnerabilities -1.x (CVE-2015-5956)
1133509 WEB-CLIENT JavaScript Heap Exploitation -4
1133510 WEB-CLIENT JavaScript Heap Exploitation -5
1133511 WEB-CLIENT JavaScript Heap Exploitation -6
1133512 WEB-CLIENT JavaScript Heap Exploitation -7
1131577 WEB Watchguard XCS Remote Command Execution
1131578 WEB ManageEngine EventLog Analyzer Remote Code Execution (CVE-2015-7387)
1131604 WEB ManageEngine ServiceDesk Plus Arbitrary File Upload (ZDI-15-396)
1131646 EXPLOIT X11 Keyboard Command Injection
1131867 WEB Oracle Endeca IDI ETL Server UploadFileConent Directory Traversal
1132062 WEB F5 iControl iCall Script Root Command Execution -1 (CVE-2015-3628)
1132162 EXPLOIT Jenkins CLI RMI Java Deserialization Vulnerability (CVE-2015-8103)
1132197 WEB IBM WebSphere Application Server Commons-Collections Library Remote Code Execution -1 (CVE-2015-7450)
1132248 WEB D-Link DCS-931L Network Camera File Upload (CVE-2015-2049)
1132318 WEB D-Link DCS-930L Authenticated Remote Command Execution
1132482 FTP PCMAN FTP Server Buffer Overflow - PUT Command (EDB-37731)
1132608 WEB TP-Link SC2020n Authenticated Telnet Injection
1132929 WEB ManageEngine EventLog Analyzer Remote Code Execution (CVE-2015-7387)
1057612 WEB-ACTIVEX Honeywell Multiple Products HscRemoteDeploy.dll ActiveX Control Code Execution -2 (CVE-2013-0108)
1056108 WEB Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
1056120 EXPLOIT NetWeaver Dispatcher Stack Buffer Overflow (CVE-2012-2611)
1057030 EXPLOIT Novell eDirectory NCP Stack Buffer Overflow (CVE-2012-0432)
1057127 EXPLOIT BigAnt Server SCH Request Stack Buffer Overflow (CVE-2012-6275)
1057218 WEB URI Handler Buffer Overflow - GET -2
1059700 WEB Rocket Servergraph Admin Center fileRequestor run and runClear Command Executions -1 (CVE-2014-3914)
1059976 WEB SolarWinds Storage Manager Authentication Bypass (ZDI-14-299)
1059998 WEB JIRA Issues Collector Directory Traversal -2.a (CVE-2014-2314)
1112626 WEB Sophos Web Appliance SophosConfig Write Command Execution -2 (CVE-2014-2850)
1130077 WEB F5 Multiple Products iControl API hostname Remote Command Execution -1 (CVE-2014-2928)
1130179 WEB Visual Mining NetCharts Server Remote Code Execution -1 (CVE-2014-8516)
1130239 WEB F5 Multiple Products iControl API hostname Remote Command Execution -3 (CVE-2014-2928)
1130252 WEB ManageEngine EventLog Analyzer agentHandler Information Disclosure (CVE-2014-6038)
1130306 WEB ActualAnalyzer ant Cookie Command Execution (OSVDB-110601)
1131528 SMB Potential Exploit Data Detection -1
1055195 WEB Sun Java Web Start Plugin Command Line Argument Injection (CVE-2012-0500)
1056598 RPC EMC NetWorker nsrd Format String Remote Code Execution -1 (CVE-2012-2288)
1056943 FILE RealNetworks RealPlayer URL Parsing Stack Buffer Overflow (CVE-2012-5691)
1058077 WEB SQL injection attempt -1
1058417 WEB JIRA Issues Collector Directory Traversal -1.a (CVE-2014-2314)
1058545 WEB Cross-site Scripting -15
1058632 EXPLOIT Linksys E-series Unauthenticated Remote Code Execution Exploit (EDB-31683)
1058814 WEB Linksys WRT120N tmUnblock Buffer Overflow (EDB-31758)
1058816 WEB Apache Commons FileUpload and Apache Tomcat DoS -1 (CVE-2014-0050)
1058817 SCADA GE Proficy CIMPLICITY gefebt.exe Remote Code Execution (CVE-2014-0750)
1058825 EXPLOIT SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability (OSVDB-10367)
1058834 WEB Apache Commons FileUpload and Apache Tomcat DoS -2 (CVE-2014-0050)
1058938 WEB-CLIENT Safari User-Assisted Download and Run Attack
1058947 SCADA Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow (CVE-2014-0784)
1058951 SCADA Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow (CVE-2014-0783)
1058961 SCADA Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow (CVE-2014-0781)
1059076 EXPLOIT Wireshark wiretap mpeg.c Stack Buffer Overflow
1059143 WEB LifeSize UVC Authenticated RCE via Ping (EDB-32437)
1059405 WEB Fritz Box Webcam Unauthenticated Command Injection (BID-65520)
1059414 WEB Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution (ZDI-14-069)
1160140 P2P BT-BitTorrent transfer via UDP -7

Delete 82 Rules:
--------------------------------------------------------------------
1133145 EXPLOIT OpenNMS Java Object Unserialization Remote Code Execution
1133061 FILE Microsoft Office CVE-2016-3318 Remote Code Execution -1 (CVE-2016-4324)
1133062 FILE Microsoft Office CVE-2016-3318 Remote Code Execution -2 (CVE-2016-3318)
1133074 FILE Microsoft True Type Font Parsing Information Disclosure Vulnerability (CVE-2016-3209)
1133079 WEB-CLIENT Microsoft Edge CVE-2016-3386 Memory Corruption (CVE-2016-3386)
1133080 WEB-CLIENT Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2016-3385)
1133081 WEB-CLIENT Microsoft Edge Array.join Type Confusion (CVE-2016-7189)
1133082 FILE Adobe Flash Player Memory Corruption (CVE-2016-4273)
1133083 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2016-3267 Information Disclosure (CVE-2016-3267)
1133084 WEB-CLIENT Microsoft Edge Chakra Array.map Type Confusion (CVE-2016-7190)
1133085 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -1 (CVE-2016-3298)
1133086 WEB-CLIENT Microsoft Edge Chakra TemplatedForEachItemInRange Type Confusion (CVE-2016-7194)
1133087 WEB-CLIENT Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3331)
1133088 WEB-CLIENT Microsoft Internet Explorer and Edge Scripting Engine CVE-2016-3382 Type Confusion -2 (CVE-2016-3382)
1133090 FILE Adobe Flash Player Memory Corruption (CVE-2016-6981)
1133091 FILE Adobe Flash Player Memory Corruption (CVE-2016-4273)
1133092 FILE Adobe Reader Use After Free (CVE-2016-6946)
1133093 FILE Adobe Reader Memory Corruption (CVE-2016-6954)
1133094 FILE Adobe Reader Memory Corruption (CVE-2016-6960)
1133128 FILE Microsoft Windows PDF Library PostScript Information Disclosure -1 (CVE-2016-3374)
1133129 FILE Microsoft Windows PDF Library PostScript Information Disclosure -2 (CVE-2016-3374)
1133130 FILE Adobe Flash Selection.setFocus Use After Free -1 (CVE-2016-4227)
1133131 FILE Adobe Flash Selection.setFocus Use After Free -2 (CVE-2016-4227)
1133132 FILE Adobe Flash Player Rectangle Use After Free -1 (CVE-2016-4228)
1133133 FILE Adobe Flash Player Rectangle Use After Free -2 (CVE-2016-4228)
1133143 WEB Adobe ColdFusion OOXML XXE Information Disclosure (CVE-2016-4264)
1133146 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -3 (CVE-2016-0063)
1133151 FILE Adobe Flash LoadVars Decode Use After Free -1 (CVE-2016-0974)
1133152 FILE Adobe Flash LoadVars Decode Use After Free -2 (CVE-2016-0974)
1133068 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 83 (Ransomware Attack Vector)
1133071 WEB-CLIENT Suspicious HTML Iframe Tag -18 (Ransomware Attack Vector)
1133073 WEB-CLIENT Internet Explorer Memory Corruption Vulnerability -1 (CVE-2016-3383)
1133075 SIP Digium Asterisk PJSIP Stack ACK Denial of Service
1133076 WEB Wordpress Mobile Detector Plugin Remote File Upload
1133078 WEB-CLIENT Internet Explorer Memory Corruption Vulnerability -2 (CVE-2016-3383)
1133099 WEB Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution -1
1133100 WEB Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution -2
1133101 WEB Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution -3
1133102 WEB Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution -4
1133134 WEB FreePBX Framework modulefunctions.class.php display SQL Injection
1133135 WEB FreePBX Framework Recordings Module Remote Command Execution
1133136 WEB Nagios Network Analyzer create Cross-Site Request Forgery
1133137 FILE WECON LeviStudio BaseSet BgOnOffBitAddr Stack Buffer Overflow
1133139 WEB Trend Micro Control Manager ProductTree Information Disclosure (CVE-2016-6220)
1133140 DNS PowerDNS Authoritative Server Dot Character Denial of Service (CVE-2016-5427)
1133141 DNS PowerDNS Authoritative Server Long qname Denial of Service (CVE-2016-5426)
1133147 WEB Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)
1133150 WEB Fortinet FortiGate Cookie Parser Buffer Overflow Vulnerability (CVE-2016-6909)
1133069 FILE Unitronics VisiLogic OPLC IDE vlp File Parsing Heap Buffer Overflow (CVE-2015-7939)
1133070 FILE LibreOffice and OpenOffice ODF Document PrinterSetup Integer Underflow (CVE-2015-5212)
1133072 WEB SearchBlox Stored Cross-Site Scripting (CVE-2015-0967)
1133097 WEB-CLIENT Oracle Java PhantomReference Use After Free -2 (CVE-2015-0395)
1133077 EXPLOIT Netcore Router default credential Remote Code Execution
1133098 WEB WordPress xmlrpc Pingback Denial of Service
1133103 WEB-CLIENT Mozilla Firefox XSL Transformation Memory Corruption -2 (CVE-2009-1169)
1133104 WEB-CLIENT Mozilla Firefox XSL Transformation Memory Corruption -3 (CVE-2009-1169)
1133105 WEB-CLIENT Mozilla Firefox XSL Transformation Memory Corruption -4 (CVE-2009-1169)
1133106 WEB-CLIENT Mozilla Firefox XSL Transformation Memory Corruption -5 (CVE-2009-1169)
1133107 WEB-CLIENT Mozilla Firefox XSL Transformation Memory Corruption -6 (CVE-2009-1169)
1133064 WEB Trend Micro Control Manager AdHocQuery_Processor.aspx SQL Injection -1
1133065 WEB Trend Micro Control Manager AdHocQuery_Processor.aspx SQL Injection -2
1133066 WEB Trend Micro Control Manager AdHocQuery_Processor.aspx SQL Injection -3
1133108 TELNET Default Password Login -1
1133109 TELNET Default Password Login -2
1133110 TELNET Default Password Login -3
1133111 TELNET Default Password Login -4
1133112 TELNET Default Password Login -5
1133113 TELNET Default Password Login -6
1133114 TELNET Default Password Login -7
1133115 TELNET Default Password Login -8
1133116 TELNET Default Password Login -9
1133117 TELNET Default Password Login -10
1133118 TELNET Default Password Login -11
1133119 TELNET Default Password Login -12
1133120 TELNET Default Password Login -13
1133121 TELNET Default Password Login -14
1133122 TELNET Default Password Login -15
1133123 TELNET Default Password Login -16
1133124 TELNET Default Password Login -17
1133125 TELNET Default Password Login -18
1133126 TELNET Default Password Login -19
1133127 TELNET Default Password Login -20